lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 7 Apr 2012 18:43:18 +0200
From: rancor <therancor@...il.com>
To: klondike <klondike@...cosoft.es>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: FSA2012-1 and FSA2012-2: Chocolate easter
 egss vulnerable to egg white injection and usable as trojan horses.

Nice catch!

"Glad påsk" as we say in Sweden
Den 7 apr 2012 16:23 skrev "klondike" <klondike@...cosoft.es>:

> Given to their nature chocolate easter eggs present a few
> vulnerabilities that can be exploited by a malicious attacker to gain
> complete control of a person's hate.
>
> FSA2012-1:
> 1. Summary
> Impact: high
> Exploitability: local
> Synopsis: Through some special unintended actions and attacker can cause
> an egg white injection into chocolate easter egss altering the nature of
> the system.
>
> 2. Impact
> Backgorund:
> Chocolate easter eggs are a treat liked by both children and adults
> during and eaten most frequently during easter.
>
> Description:
> Using a syringe with an hypodermical needle a local attacker can cause
> an egg white injection into the egg inside. This can also be combined
> with FSA2012-2 in order to creat trojanized chocolate eggs with a crude
> egg payload.
>
> Impact:
> Injected eggs can be used to affect through social engineering
> techniques to standard chocolate eggs eaters causing them to redirect
> all their rage towards you. In critical cases like allergies the
> individual may end up dying.
>
> 3. Workarounds:
> There is currently no known workaround to the issue since it is inherent
> to the easter chocolate eggs design.
>
> FSA2012-1:
> 1. Summary
> Impact: high
> Exploitability: local
> Synopsis: Through some special unintended actions and attacker can craft
> trojanized chocolate easter egss whose contents won't be realized by the
> attacker until it has happened.
>
> 2. Impact
> Backgorund:
> Chocolate easter eggs are a treat liked by both children and adults
> during and eaten most frequently during easter.
>
> Description:
> It is possible to craft eggs containing the desired solid objects or
> half of its contents filled with other products in not solid state. This
> is done by joining both moulded egg halves together with the contents on
> one of them, or coating the object in chocolate if it is eggshaped.
>
> Impact:
> Trojanized eggs can be used to affect through social engineering
> techniques to standard chocolate eggs eaters causing them to redirect
> all their rage towards you. In critical cases like allergies the
> individual may end up dying. There have been cases where shelled hard
> boiled eggs where coated in crocant chocolate in order to send the
> affected user to the hospital.
>
> 3. Workarounds:
> There is currently no known workaround to the issue since it is inherent
> to the easter chocolate eggs design.
>
> Thanks:
> ss23
> Vinky
>
>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ